---
# Jinja-templated variables for the IAM service: its identifier, the Keycloak
# endpoint and admin credentials it uses, the Traefik labels that route to it,
# and the docker network/service definition built from those values.

# Per-host service identifier; reused in every Traefik router/service name below.
iam_id: "{{ inventory_hostname }}-iam"
# Not referenced elsewhere in this file.
iam_cache_timeout: 600s
iam_keycloak_auth_server_url: "https://{{ shared_service_keycloak_hostname }}/auth"
# The admin credentials are taken from variables defined outside this file.
# NOTE(review): confirm keycloak_admin_password comes from an encrypted source
# (vault / secret store) and not from a plain-text vars file.
iam_keycloak_admin_user: "{{ keycloak_admin_username }}"
iam_keycloak_admin_password: "{{ keycloak_admin_password }}"

# Traefik labels. Every entry carries literal double quotes inside the
# single-quoted scalar; presumably the consuming template emits them verbatim,
# so the quoting must stay as it is.
iam_labels:
  - '"traefik.enable=true"'
  # Public router: websecure entrypoint, TLS via the letsencrypt resolver,
  # forwarded to service_port.
  - '"traefik.http.routers.{{ iam_id }}.service={{ iam_id }}"'
  - '"traefik.http.routers.{{ iam_id }}.rule=Host(`{{ stage_server_domain }}`)"'
  - '"traefik.http.routers.{{ iam_id }}.entrypoints=websecure"'
  - '"traefik.http.routers.{{ iam_id }}.tls=true"'
  - '"traefik.http.routers.{{ iam_id }}.tls.certresolver=letsencrypt"'
  - '"traefik.http.services.{{ iam_id }}.loadbalancer.server.port={{ service_port }}"'
  # Admin router: same Host rule on the admin-service entrypoint, forwarded to
  # management_port. The only middleware attached here is the CORS one
  # (iam_labels_additional may add more).
  - '"traefik.http.routers.{{ iam_id }}-admin.service={{ iam_id }}-admin"'
  - '"traefik.http.routers.{{ iam_id }}-admin.rule=Host(`{{ stage_server_domain }}`)"'
  - '"traefik.http.routers.{{ iam_id }}-admin.entrypoints=admin-service"'
  - '"traefik.http.routers.{{ iam_id }}-admin.tls=true"'
  - '"traefik.http.routers.{{ iam_id }}-admin.tls.certresolver=letsencrypt"'
  - '"traefik.http.routers.{{ iam_id }}-admin.middlewares={{ iam_id }}-admin-cors"'
  # NOTE(review): the admin CORS policy allows GET/OPTIONS from any origin (*).
  # Confirm the admin-service entrypoint is reachable only from trusted
  # networks, or narrow the origin to the consumer that needs it.
  # NOTE(review): later Traefik v2 releases deprecate accesscontrolalloworigin
  # in favour of accesscontrolalloworiginlist; verify which one the deployed
  # Traefik version honours.
  - '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"'
  - '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolalloworigin=*"'
  - '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"'
  - '"traefik.http.services.{{ iam_id }}-admin.loadbalancer.server.port={{ management_port }}"'

# Docker definition: two pre-existing (external) networks and one service.
iam_docker:
  networks:
    - name: back-tier
      external: true
    - name: front-tier
      external: true
  services:
    - name: "{{ iam_id }}"
      image_name: "{{ iam_image_name }}"
      image_version: "{{ iam_image_version }}"
      # Base labels plus optional per-deployment additions.
      labels: "{{ iam_labels + ( iam_labels_additional | default([])) }}"
      restart: "{{ iam_service_restart | default('always') }}"
      # Each entry is a single "KEY: \"value\"" string, not a mapping.
      environment:
        # NOTE(review): "always" presumably maps to Spring Boot's
        # server.error.include-message, which puts exception messages into
        # error responses; confirm nothing sensitive reaches clients.
        - "SERVER_ERROR_INCLUDE_MESSAGE: \"always\""
        - "IAM_KEYCLOAK_AUTH_SERVER_URL: \"{{ iam_keycloak_auth_server_url }}\""
        - "IAM_KEYCLOAK_ADMIN_USER: \"{{ iam_keycloak_admin_user }}\""
        # NOTE(review): the Keycloak admin password and the JWT secret are
        # handed over as plain environment variables, so anyone able to
        # inspect the container can read them; consider a secrets mechanism.
        - "IAM_KEYCLOAK_ADMIN_PASSWORD: \"{{ iam_keycloak_admin_password }}\""
        # JWT is off unless iam_jwt_enabled is set, and the secret defaults to
        # an empty string. NOTE(review): confirm the service refuses to start
        # with JWT enabled and an empty secret.
        - "SMA_JWT_ENABLED: \"{{ iam_jwt_enabled | default('false') }}\""
        - "SMA_JWT_SECRET: \"{{ iam_jwt_secret | default('') }}\""
        - "SPRINGDOC_SERVER_URL: \"{{ stage_server_domain }}\""
        - "SMA_CORS_ORIGINS: \"{{ stage_server_domain }}:{{ monitor_port_service }}\""
      networks:
        - '"back-tier"'
        - '"front-tier"'
      extra_hosts: "{{ iam_extra_hosts | default([]) }}"